0

I am working in C# and ASP.NET making a webbased database application with integrated security such that the Windows user is used in access to the database. When I run the application in IIS Express from Visual Studio, everything is fine. When I publish the webpage under IIS, I get problem with the Windows Authentication.

In IIS Express, the following two code lines produce the same Windows username corresponding to the currently logged in user, which is also what I want:

string user = Page.User.Identity.Name;
string loginName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

but in the published form in IIS, the second line gives a different user: IIS APPPOOL\"the-name-of-my-Visual-Studio-solution". This user has no rights to the databases, and the application breaks down.

I have enabled Windows authentication in web.config:

<authentication mode="Windows" />
    <identity impersonate ="false" />
    <authorization>
      <deny users="?" />
    </authorization>

In IIS, the following settings are used (see pictures below):

IIS authentication settings

And this is the application pools settings:

IIS Application pools settings

Where to look for the problem?

desertnaut
  • 57,590
  • 26
  • 140
  • 166
Robert Granat
  • 25
  • 1
  • 2
  • And which user credentials do you want it to get? IIS launches it under it's own user, which is logical. Just give that user the access to the DB, and everything should be fine. – Morse Apr 16 '21 at 08:48
  • Yes, that is a possibility. But in our environment the Windows user also control what databases you have access to in SQL Server. I want the Page.User.Identity to be the same as WindowsIdentity. – Robert Granat Apr 16 '21 at 11:33
  • 1
    https://blog.lextudio.com/web-application-differences-in-visual-studio-and-iis-60fec7e311b3 First time IIS users must learn the differences. – Lex Li Apr 16 '21 at 12:37
  • You can refer to:https://stackoverflow.com/questions/7698286/login-failed-for-user-iis-apppool-asp-net-v4-0 – Theobald Du Apr 19 '21 at 02:37

2 Answers2

0

Try these code :

string UserName = HttpContext.Current.User.Identity.Name;
string UserName = Request.LogonUserIdentity.Name;
Afshin
  • 1,405
  • 10
  • 18
0

The problem had to do with impersonation. For the proper authentication to take place, I had to do two things: 1) I had to enable ASP.NET impersonation in IIS for my application. (This can be done in web.config also, but I did not want that since I then had to makes changes in the server configuration to make it work.) 2) I had to change the Managed Pipeline Mode for the Application Pool from Integrated to Classic, this also in IIS, for my application.

Then it worked.

desertnaut
  • 57,590
  • 26
  • 140
  • 166
Robert Granat
  • 25
  • 1
  • 2